27433 matches found
GHSA-QFR3-29W6-HWPG Typo3 Exception Handler XSS
Cross-site scripting XSS vulnerability in the Exception Handler in TYPO3 4.4.x before 4.4.15, 4.5.x before 4.5.15, 4.6.x before 4.6.8, and 4.7 allows remote attackers to inject arbitrary web script or HTML via exception messages...
GHSA-7W6C-5PR4-7QVP Typo3 Backend XSS Vulnerability
Multiple cross-site scripting XSS vulnerabilities in the backend in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors...
Typo3 Install Tool XSS Vulnerability
Cross-site scripting XSS vulnerability in the Install Tool in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Cross-site scripting in yui 2.4.0
Cross-site scripting XSS vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207...
Basic SEO Features (seo_basics) extension TYPO3 vulnerable to Cross-site Scripting
Cross-site scripting XSS vulnerability in Basic SEO Features seobasics extension before 0.8.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Roundup Cross-site scripting (XSS) vulnerability
Cross-site Scripting XSS vulnerability in cgi/client.py in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the @action parameter to support/issue1...
Roundup Cross-site Scripting (XSS) vulnerability
Cross-site scripting XSS vulnerability in the history display in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via a username, related to generating a link...
Roundup Cross-site Scripting (XSS) vulnerability
Cross-site scripting XSS vulnerability in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the otk parameter...
GHSA-GW2Q-CGVQ-9G3V Roundup Cross-site scripting (XSS) vulnerability
Cross-site Scripting XSS vulnerability in cgi/client.py in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the @action parameter to support/issue1...
GHSA-QMMW-CH2Q-J6XX Typo3 Backend API XSS Vulnerability
Cross-site scripting XSS vulnerability in the tree render API TCA-Tree in the Backend API in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors...
Typo3 Backend History Module Vulnerable to XSS
Cross-site scripting XSS vulnerability in the Backend History module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors...
Typo3 Backend API XSS Vulnerability
Cross-site scripting XSS vulnerability in the tree render API TCA-Tree in the Backend API in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors...
GHSA-W563-RQ37-CVQ5 Typo3 Backend History Module Vulnerable to XSS
Cross-site scripting XSS vulnerability in the Backend History module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors...
GHSA-MFHR-3XMC-R2GG Improper Neutralization of Input During Web Page Generation in Apache ActiveMQ
Cross-site scripting XSS vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."...
GHSA-4894-5VQC-6R2R Django cross-site scripting (XSS) vulnerability in the AdminURLFieldWidget widget
Cross-site scripting XSS vulnerability in the AdminURLFieldWidget widget in contrib/admin/widgets.py in Django 1.5.x before 1.5.2 and 1.6.x before 1.6 beta 2 allows remote attackers to inject arbitrary web script or HTML via a URLField...
Django cross-site scripting (XSS) vulnerability in the AdminURLFieldWidget widget
Cross-site scripting XSS vulnerability in the AdminURLFieldWidget widget in contrib/admin/widgets.py in Django 1.5.x before 1.5.2 and 1.6.x before 1.6 beta 2 allows remote attackers to inject arbitrary web script or HTML via a URLField...
DotNetNuke (DNN) Cross-site scripting (XSS) vulnerability via the __dnnVariable parameter
Cross-site scripting XSS vulnerability in DotNetNuke DNN before 6.2.9 and 7.x before 7.1.1 allows remote attackers to inject arbitrary web script or HTML via the dnnVariable parameter to the default URI...
GHSA-RVRJ-J7CC-236P DotNetNuke (DNN) Cross-site scripting (XSS) vulnerability via the __dnnVariable parameter
Cross-site scripting XSS vulnerability in DotNetNuke DNN before 6.2.9 and 7.x before 7.1.1 allows remote attackers to inject arbitrary web script or HTML via the dnnVariable parameter to the default URI...
Static Methods since 2007 (div2007) extension for TYPO3 vulnerable to Cross-site Scripting
Cross-site scripting XSS vulnerability in the Static Methods since 2007 div2007 extension before 0.10.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the t3libdiv::quoteJSvalue function...
TYPO3 Cross-site scripting (XSS) vulnerability in the Extbase Framework
Cross-site scripting XSS vulnerability in the errorAction method in the ActionController base class in the Extbase Framework in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6, when the Rewritten Property Mapper is enabled, allows remote attackers t...